Digital signatures and electronic documents: a cautionary tale
Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
See What You Sign: Secure Implementations of Digital Signatures
IS&N '98 Proceedings of the 5th International Conference on Intelligence and Services in Networks: Technology for Ubiquitous Telecom Services
Trustworthy verification and visualisation of multiple XML-signatures
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Digital identity security architecture in Ethos
Proceedings of the 7th ACM workshop on Digital identity management
Hi-index | 0.00 |
The security of digital signatures depends not only on the cryptographic strength of the digital signature algorithms used, but also on the integrity of the platform on which the digital signature application is running. Breach of platform integrity due to unintentional or intentional malfunctioning has the potential of wrongly imposing liability on, or wrongly taking liability away from signing parties. This problem is amplified by the fact that digital signatures may be generated on platforms that are not under the control of the signing party, and that there can be strong financial incentives for trying to manipulate the systems used for digital signatures. In practice it is extremely difficult to assess the integrity of a general purpose computing platform, so that digital signing on such platforms in principle is untrustworthy. This paper describes a method for robust WYSIWYS (What You See Is What You Sign) that ensures the integrity of digital documents and their digital signatures. This method can only be directly applied to documents written with traditional ASCII characters. For more advanced formatting a specific layout definition language must defined.